CVE-2026-48216
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...
Automated-CSRF-PoC-Generator
Description: A specialized Python script designed to automate th...
CVE-2026-27229 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
Cross-Site Scripting (XSS)
Magento is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user input in form fields, which allows an attacker to inject malicious scripts that execute in a victim’s browser when the affected page is viewed...
PT-2024-17183 · Codeastro · Codeastro Hospital Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Hospital Management System version 1.0 Description: A vulnerability has been found in the CodeAstro Hospital Management System, affecting an unknown functionality of the file /backend/admin/his admin register patient.php of the...
Decidim cross-site scripting (XSS) in the admin panel
Impact: The admin panel is subject to a potential XSS attack in case the attacker manages to modify some records being uploaded to the server. The attacker is able to change e.g. to if they know how to craft these requests themselves. And then enter the returned blob ID to the form inputs manually b...
Spying on the spies. See what JavaScript commands get injected by in-app browsers
Developer and privacy expert Felix Krause aka KrauseFx announced this week that he had introduced a simple tool to list the JavaScript commands executed by iOS apps when they deployed an in-app web browser to render webpages. He already shared some eye-opening results on his Twitter feed. By...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the pattern attribute in form inputs. An attacker can inject HTML or execute arbitrary JavaScript by crafting malicious input that exploits improper escaping of thi...
How Page Integrity Manager Detects Real-World Magecart Attacks
Written by Ziv Eli - Engineering Manager, Security and Maor Hod - Senior Product Manager, Security In this blog, we will take a look at and break down a recent Magecart attack detected and mitigated by Page Integrity Manager. The impacted customer operates a large international e-commerce busines...
CVE-2019-16070
A number of stored Cross-site Scripting XSS vulnerabilities were identified in NETSAS Enigma NMS 65.0.0 and prior that could allow a threat actor to inject malicious code directly into the application through web application form inputs...
DEBIAN-CVE-2018-5098
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
UBUNTU-CVE-2018-5098
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...
Rails activerecord gem has Improper Input Validation vulnerability
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
GHSA-GJXW-5W2Q-7GRF Rails activerecord gem has Improper Input Validation vulnerability
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
SA-CONTRIB-2014-090 - Speech recognition - Multiple vulnerabilities
This module enables you to add speech recognition to forms, allowing site admins to enable experimental Speech Input API features on form inputs through the user interface. Cross Site Scripting XSS The module incorrectly prints fields without proper sanitization thereby opening a Cross Site...
FreeBSD : opera -- multiple vulnerabilities (2eda0c54-34ab-11e0-8103-00215c6a37bb)
Opera reports : Opera 11.01 is a recommended upgrade offering security and stability enhancements. The following security vulnerabilities have been fixed : - Removed support for 'javascript:' URLs in CSS -o-link values, to make it easier for sites to filter untrusted CSS. - Fixed an issue where...
Opera Browser Multiple Vulnerabilities Feb-11 (Windows)
The host is installed with Opera browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnwinfeb11.nasl 7052 2017-09-04 11:50:51Z teissa $ Opera Browser Multiple Vulnerabilities Feb-11 Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Network...
opera -- multiple vulnerabilities
Opera reports: Opera 11.01 is a recommended upgrade offering security and stability enhancements. The following security vulnerabilities have been fixed: Removed support for "javascript:" URLs in CSS -o-link values, to make it easier for sites to filter untrusted CSS. Fixed an issue where large...